diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a6e281c4fa94f65595038ebdc89398733bccfd86..022e37b10d723ef5de62a334eae0aa9992dc71b3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,8 +13,19 @@ stages:
 - deploy
 - .post
+workflow:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "push" && $CI_OPEN_MERGE_REQUESTS'
+ when: never
+ - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+ when: always
+ - if: '$CI_PIPELINE_SOURCE == "push"'
+ when: always
+ - if: '$CI_PIPELINE_SOURCE == "schedule"'
+ when: always
 include:
+ - local: '/.gitlab/ci/.ruleset.yml'
 - local: '/.gitlab/ci/.build-container.yml'
 - local: '/.gitlab/ci/.code-quality-ci.yml'
 - local: '/.gitlab/ci/.security-and-compliance-ci.yml'
diff --git a/.gitlab/ci/.build-container.yml b/.gitlab/ci/.build-container.yml
index 189e34f47c492cf28bb895130e1882df4e955134..80fa497ed33299d437a6b41cb8b8680f4497e8ab 100644
--- a/.gitlab/ci/.build-container.yml
+++ b/.gitlab/ci/.build-container.yml
@@ -21,7 +21,16 @@ build-testing-image:
 variables:
 TAG: develop
 BUILDARGS: -race
- - when: always
+ - !reference [.push_event, rules]
+ - !reference [.merge_request, rules]
+ before_script:
+ # replace all slashes in the tag with hyphen, because slashes are not allowed in tags
+ - TAG=${TAG//\//-}
+ - mkdir -p /kaniko/.docker
+ - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" >/kaniko/.docker/config.json
+ needs: []
+
+build-testing-image:
 script:
 - /kaniko/executor
 --cache=true
diff --git a/.gitlab/ci/.code-quality-ci.yml b/.gitlab/ci/.code-quality-ci.yml
index 3910d884c536da0059a8e09f41309fc4ae806eab..bc283cf53753be249af8cb856bb0c0c75ca9a182 100644
--- a/.gitlab/ci/.code-quality-ci.yml
+++ b/.gitlab/ci/.code-quality-ci.yml
@@ -9,5 +9,6 @@ code-quality:
 codequality: gl-code-quality-report.json
 paths:
 - gl-code-quality-report.json
+ rules:
+ - !reference [.merge_request, rules]
 needs: []
-
\ No newline at end of file
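Review bot: A pipeline started from the web UI, the API or a trigger matches none of the new `workflow:rules` in `.gitlab-ci.yml`, which list only `push`, `merge_request_event` and `schedule`, so it is not created at all. If that is intended, state it in a comment above the block, e.g. `# only push, merge request and scheduled pipelines run; every other source is filtered out`; otherwise add a rule such as `- if: '$CI_PIPELINE_SOURCE == "web"'`. The first rule would also benefit from a one-line comment, `# no branch pipeline while a merge request is open; the MR pipeline runs instead`, because its purpose is not obvious from the expression.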
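Review bot: The added `build-testing-image:` line in the `.gitlab/ci/.build-container.yml` hunk looks like a second top-level key with the same name as the one shown in the hunk header, which comes from the unchanged lines above the hunk. Most YAML loaders silently keep only the last duplicate, so the block that carries `rules`, the `before_script` writing the registry auth to `/kaniko/.docker/config.json`, and `needs: []` may be discarded, leaving a job with `script` only and no rules. The job starts outside the hunk, so confirm this against the full file. If the upper block is meant as a shared template, give it its own hidden name (a constructed example: `.build:`) and pull it in with `extends:` rather than reusing the job name.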
diff --git a/.gitlab/ci/.containerlab-ci.yml b/.gitlab/ci/.containerlab-ci.yml
index f3a06f8ad8ef783f36b176cab610549781be6cac..3fde1f9e80ce86d669faedf3c4b790bd8c13d644 100644
--- a/.gitlab/ci/.containerlab-ci.yml
+++ b/.gitlab/ci/.containerlab-ci.yml
@@ -43,6 +43,8 @@ variables:
 name: ${CLAB_NAME}
 paths:
 - ${CLAB_NAME}.clab.yml
+ rules:
+ - !reference [.merge_request, rules]
 # JOBS
 containerlab:template:integration:
@@ -66,6 +68,9 @@ containerlab:deploy:integration:
 artifacts:
 reports:
 dotenv: ${CI_PROJECT_DIR}/build.env
+ rules:
+ - !reference [.merge_request, rules]
+
 containerlab:destroy:
@@ -84,6 +89,8 @@ containerlab:destroy:
 - docker volume rm -f ${CLAB_NAME}-volume
 - docker image rm -f ${GOSDN_IMAGE}
 allow_failure: true
+ rules:
+ - !reference [.containerlab_cleanup, rules]
 #containerlab:template:develop:
diff --git a/.gitlab/ci/.integration-test.yml b/.gitlab/ci/.integration-test.yml
index dc80d9815835f0c4231c5248234be38958da64dd..cf304933eefed8cc616381afd6ffff9670791c2e 100644
--- a/.gitlab/ci/.integration-test.yml
+++ b/.gitlab/ci/.integration-test.yml
@@ -26,6 +26,8 @@ integration-test:nucleus:
 - go test -race -v -run TestGnmi_GetIntegration
 - go test -race -v -run TestGnmi_SubscribeIntegration
 - go test -race -v -run TestGnmi_CapabilitiesIntegration
+ rules:
+ - !reference [.merge_request, rules]
 integration-test:api:
 <<: *integration-test
@@ -34,3 +36,5 @@ integration-test:api:
 script:
 - cd ./api
 - go test -race -v -run TestApiIntegration
+ rules:
+ - !reference [.merge_request, rules]
diff --git a/.gitlab/ci/.ruleset.yml b/.gitlab/ci/.ruleset.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9fbb10f0fc72f9b36353618e5dca997934a645e8
--- /dev/null
+++ b/.gitlab/ci/.ruleset.yml
@@ -0,0 +1,37 @@
+.push_event:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "push"'
+ when: on_success
+
+.merge_request:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+ when: on_success
+
+.containerlab_cleanup:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+ when: always
+
+.merge_request_and_changed_dependency:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+ changes:
+ - go.mod
+ - go.sum
+ when: always
+
+.nightly_pipeline:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "schedule"'
+ when: always
+
+.nightly_develop_pipeline:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_NIGHTLY == "develop"'
+ when: always
+
+.nightly_main_pipeline:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_NIGHTLY == "mainline"'
+ when: always
diff --git a/.gitlab/ci/.security-and-compliance-ci.yml b/.gitlab/ci/.security-and-compliance-ci.yml
index a42c6695e77f10cfb7440e317bfbd0b73a629da9..6157fbe9f352bec93876192923e95aae7482ea75 100644
--- a/.gitlab/ci/.security-and-compliance-ci.yml
+++ b/.gitlab/ci/.security-and-compliance-ci.yml
@@ -16,23 +16,24 @@ include:
 - template: Security/SAST.gitlab-ci.yml
 - template: Dependency-Scanning.gitlab-ci.yml
 - template: Security/License-Scanning.gitlab-ci.yml
-# - template: Security/Secret-Detection.gitlab-ci.yml
+ # - template: Security/Secret-Detection.gitlab-ci.yml
 - template: Security/Container-Scanning.gitlab-ci.yml
+license_scanning:
+ rules:
+ - !reference [.merge_request_and_changed_dependency, rules]
+
 gemnasium-dependency_scanning:
- <<: *rules
+ rules:
+ - !reference [.merge_request_and_changed_dependency, rules]
 gosec-sast:
- <<: *rules
-
-license_scanning:
- <<: *rules
+ rules:
+ - !reference [.nightly_pipeline, rules]
 semgrep-sast:
- <<: *rules
-
-#secret_detection:
-# <<: *rules
+ rules:
+ - !reference [.nightly_pipeline, rules]
 container_scanning:
 stage: analyze
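Review bot: `.nightly_develop_pipeline` and `.nightly_main_pipeline` in the new `.gitlab/ci/.ruleset.yml` depend on a `CI_NIGHTLY` variable that nothing in this diff defines, and the file carries no comments. Add a header comment saying that these hidden keys are consumed with `!reference [<key>, rules]` and that each pipeline schedule has to set the variable, e.g. `# CI_NIGHTLY must be set on the schedule to "develop" or "mainline"`. A second comment should explain why `.push_event` and `.merge_request` use `when: on_success` while every other entry uses `when: always`, since `always` lets a job run even after an earlier stage has failed.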
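Review bot: With the rules added in `.gitlab/ci/.security-and-compliance-ci.yml`, `gemnasium-dependency_scanning` and `license_scanning` run only in merge request pipelines that touch `go.mod` or `go.sum`, so advisories published later against dependencies that are already merged are never re-checked. `gosec-sast` and `semgrep-sast` run only on schedules and no longer report on a merge request before it is merged. Consider adding `- !reference [.nightly_pipeline, rules]` to the two dependency jobs and `- !reference [.merge_request, rules]` to the two SAST jobs. Setting `rules` on jobs that come from the included templates presumably replaces the rules those templates define, so any template-level conditions should be checked against the upstream templates.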
@@ -44,5 +45,5 @@ container_scanning:
 DOCKER_IMAGE: "${GOSDN_IMAGE}"
 DOCKER_USER: "${CI_REGISTRY_USER}"
 DOCKER_PASSWORD: "${CI_REGISTRY_PASSWORD}"
- needs:
+ needs:
 - build-image
diff --git a/.gitlab/ci/.test.yml b/.gitlab/ci/.test.yml
index 762da835770a5f8e3666f8287a18a1d83b6db509..738560c401bd92eff06e30036b2fee3a0ad2c693 100644
--- a/.gitlab/ci/.test.yml
+++ b/.gitlab/ci/.test.yml
@@ -21,11 +21,16 @@ unit-test:
 after_script:
 - go tool cover -func=coverage.out
 <<: *test
+ rules:
+ - !reference [.push_event, rules]
+ - !reference [.merge_request, rules]
 controller-test:
 script:
 - gotestsum --junitfile report.xml --format testname -- -race -v -run TestRun
 <<: *test
+ rules:
+ - !reference [.merge_request, rules]
 test-build:
 artifacts: